Support Questions

Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.

Hive JDBC Connection string with KNOX and Kerberos

Expert Contributor

Hello,

I am trying to connect to hive server JDBC through knox that has kerberos authentication. I was able to connect through knox but after enabling kerberos im having some issues.

Prior to kerberos this worked:

jdbc:hive2://<knox_host>:8443/;ssl=true;sslTrustStore=/knox/gateway.jks;trustStorePassword=knox?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/default/hive

connecting directly without knox:

!connect jdbc:hive2://<hiveserver_hist>:10001/default;principal=hive/_HOST@REALM.COM;transportMode=http;httpPath=cliservice

I've tried many different jdbc connection string combinations with no success. Is the principal=hive/_HOST@REALM.COM required?

Last i tried was:

jdbc:hive2://<knox_host>:8443/;ssl=false;httpPath=gateway/default/hive;transportMode=http;sslTrustStore=/knox/gateway.jks;trustStorePassword=knox

Which gave me:

org.apache.thrift.transport.TTransportException: org.apache.http.NoHttpResponseException: ec2-54-85-108-57.compute-1.amazonaws.com:8443 failed to respond
6 REPLIES 6

Cloudera Employee

Matt, try this:

jdbc:hive2://<knox_host>:8443/;ssl=true;sslTrustStore=/var/lib/knox/data/security/keystores/gateway.jks;trustStorePassword=<master_secret>;transportMode=http;httpPath=gateway/default/hive

Expert Contributor

@skothari

Getting the below:

16/09/28 18:23:43 [main]: ERROR jdbc.HiveConnection: Error opening session

org.apache.thrift.transport.TTransportException: HTTP Response code: 401

at org.apache.thrift.transport.THttpClient.flushUsingHttpClient(THttpClient.java:262)

at org.apache.thrift.transport.THttpClient.flush(THttpClient.java:313)

at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:73)

at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:62)

at org.apache.hive.service.cli.thrift.TCLIService$Client.send_OpenSession(TCLIService.java:154)

at org.apache.hive.service.cli.thrift.TCLIService$Client.OpenSession(TCLIService.java:146)

at org.apache.hive.jdbc.HiveConnection.openSession(HiveConnection.java:552)

at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:170)

at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105)

at java.sql.DriverManager.getConnection(DriverManager.java:571)

at java.sql.DriverManager.getConnection(DriverManager.java:187)

at org.apache.hive.beeline.DatabaseConnection.connect(DatabaseConnection.java:146)

at org.apache.hive.beeline.DatabaseConnection.getConnection(DatabaseConnection.java:211)

at org.apache.hive.beeline.Commands.connect(Commands.java:1190)

at org.apache.hive.beeline.Commands.connect(Commands.java:1086)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:606)

at org.apache.hive.beeline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:52)

at org.apache.hive.beeline.BeeLine.dispatch(BeeLine.java:989)

at org.apache.hive.beeline.BeeLine.execute(BeeLine.java:832)

at org.apache.hive.beeline.BeeLine.begin(BeeLine.java:790)

at org.apache.hive.beeline.BeeLine.mainWithInputRedirection(BeeLine.java:490)

at org.apache.hive.beeline.BeeLine.main(BeeLine.java:473)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:606)

at org.apache.hadoop.util.RunJar.run(RunJar.java:233)

at org.apache.hadoop.util.RunJar.main(RunJar.java:148) HTTP Response code: 401 (state=08S01,code=0)

Cloudera Employee

401 is authentication issue. Can you pls check whether the credentials are correct or not?

Expert Contributor

they are - i use the same credentials for the UI's that go through knox gateway, also in knoxgateway log i see: 2016-09-28 19:19:06,039 INFO hadoop.gateway (AclsAuthorizationFilter.java:doFilter(85)) - Access Granted: true

Rising Star

Any luck on this? I am also having error 401 and credentials are fine as well.

Contributor

You can refer below link. It will help in troubleshooting Knox issues.

https://community.hortonworks.com/articles/113013/how-to-troubleshoot-and-application-behind-apache....

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.